Skip to content

[WIP] Securing EVE Logs #3206

[WIP] Securing EVE Logs

[WIP] Securing EVE Logs #3206

---
name: Request Code Owners Review
on:
pull_request_target:
types: ["opened", "synchronize"]
paths-ignore:
- '.github/workflows/request_codeowners_review.yml'
jobs:
auto_request_review:
runs-on: ubuntu-latest
permissions:
pull-requests: write
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.base_ref }}
fetch-depth: 0
- name: Fetch the PR's head ref
run: |
git fetch origin ${{ github.event.pull_request.head.sha }}:${{ github.event.pull_request.head.ref }}
git checkout ${{ github.event.pull_request.head.ref }}
- name: Auto request review
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
reviewers=""
# Get changed files in this pull request
echo "Checking base: ${{ github.event.pull_request.base.sha }}"
echo "Checking head: ${{ github.event.pull_request.head.sha }}"
for changed_file in $(git diff --name-only ${{ github.event.pull_request.base.sha }}...HEAD); do
echo "Checking $changed_file"
while read -r line; do
# Get pattern of the files owned
pattern=$(echo "$line" | awk '{print $1}')
# Remove leading / from pattern and changed_file for comparison
pattern="${pattern#/}"
# Get owners of the files owned
owners=$(echo "$line" | awk '{$1=""; print $0}' | xargs)
# Remove leading / from changed_file for comparison
changed_file="${changed_file#/}"
if [[ "$changed_file" == $pattern* ]]; then
# Add owners to reviewers
echo "Found owners for $changed_file: $owners"
reviewers="$reviewers $owners"
fi
done < .github/CODEOWNERS
done
# Remove duplicates and format for JSON
reviewers=$(echo "$reviewers" | xargs -n1 | sort -u | xargs)
# Remove @ from reviewers (it stays in the beginning of the username)
reviewers_cleaned=${reviewers//@/}
IFS=' ' read -ra reviewers_array <<< "$reviewers_cleaned"
# Get username of PR author to exclude from reviewers
pr_author="${{ github.event.pull_request.user.login }}"
# Remove PR author from reviewers
filtered_reviewers=()
for reviewer in ${reviewers_array[@]}; do
if [[ "$reviewer" != "$pr_author" ]]; then
filtered_reviewers+=("$reviewer")
fi
done
if [ ${#filtered_reviewers[@]} -gt 0 ]; then
json_array=$(printf ',\"%s\"' "${filtered_reviewers[@]}")
json_array="[${json_array:1}]" # Remove the leading comma
echo "JSON array: $json_array"
echo "Requesting review from: ${filtered_reviewers[*]}"
echo https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers
curl -L \
-D - \
-X POST \
-H "Authorization: Bearer $GITHUB_TOKEN" \
-H "Accept: application/vnd.github+json" \
https://api.github.com/repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers \
-d "{\"reviewers\": $json_array}"
else
echo "No reviewers found for the changed files."
fi